US7162743B1 - System and method of limiting access to protected hardware addresses and processor instructions - Google Patents

System and method of limiting access to protected hardware addresses and processor instructions Download PDF

Info

Publication number
US7162743B1
US7162743B1 US09/971,327 US97132701A US7162743B1 US 7162743 B1 US7162743 B1 US 7162743B1 US 97132701 A US97132701 A US 97132701A US 7162743 B1 US7162743 B1 US 7162743B1
Authority
US
United States
Prior art keywords
hardware
access
software
range
addresses
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US09/971,327
Inventor
Joe Bolding
Dan Tormey
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Priority to US09/971,327 priority Critical patent/US7162743B1/en
Assigned to HEWLETT-PACKARD COMPANY reassignment HEWLETT-PACKARD COMPANY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BOLDING, JOE, TORMEY, DAN
Assigned to HEWLETT-PACKARD DEVELOPMENT COMPANY L.P. reassignment HEWLETT-PACKARD DEVELOPMENT COMPANY L.P. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEWLETT-PACKARD COMPANY
Application granted granted Critical
Publication of US7162743B1 publication Critical patent/US7162743B1/en
Adjusted expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range

Definitions

  • the present invention generally relates to computer hardware and operating system software. More particularly, and not by way of any limitation, the present invention is directed to a system and method of limiting access by software code to protected computer hardware addresses and a predefined set of processor instructions.
  • the current method of making an operating system (OS) portable to multiple hardware platforms is to specify a set of hardware in a reference platform specification that the OS can access.
  • the reference platform is a set of restricted hardware and hardware-vendor-supplied software modules that meet an industry standard for the minimum hardware/software required to execute an OS.
  • the hardware vendor supplies the software modules with a standard interface to allow any OS to use them.
  • a software module known as the Processor Abstraction Layer (PAL) is responsible for initializing the processor hardware. When utilized properly, no other code is allowed to modify the processor registers that control the initialization of the processor. End users are not supposed to have access to this initialization code or to the hardware registers themselves.
  • Other software modules such as the Hardware Abstraction Layer (HAL) and the System Abstraction Layer (SAL) are designed to provide OS isolation from other hardware in the platform.
  • HAL Hardware Abstraction Layer
  • SAL System Abstraction Layer
  • the proper use of abstraction layers also enables the microprocessor manufacturer to make changes to the microprocessor while still providing compatibility with end-user software by providing the end user with new HAL code.
  • the manufacturer may change the procedures inside the processor for setting up the internal cache, clearing the TLBs, and so on without impacting the ability of end users to run their software on the platform.
  • third party software vendors such as game manufacturers may intentionally implement software that directly accesses restricted hardware such as the VGA video card in order to enhance the performance of their games.
  • game manufacturers should use service routines provided by the OS, and the OS should then access the video card.
  • service routines provided by the OS
  • the OS should then access the video card.
  • a mechanism is needed to restrict access to the instruction core, from any source, to a predefined set of instructions related to the particular CPU type (e.g., the CPU's basic instruction set).
  • a predefined set of instructions related to the particular CPU type e.g., the CPU's basic instruction set.
  • the CPU's basic instruction set e.g., the CPU's basic instruction set.
  • problems can arise when sources authorized to access the basic set of instructions access the extended instruction set. It should be appreciated that a solution to the aforementioned deficiencies would be highly desirable.
  • the present invention advantageously provides a method of protecting a defined hardware address from being directly accessed by unauthorized software modules.
  • the method includes the steps of defining a protected hardware address; defining a software address that is permitted to access the protected hardware address; and detecting an attempted access to the protected hardware address. This is followed by determining whether the access is from the defined software address; permitting the access upon determining that the access is from the defined software address; and prohibiting the access upon determining that the access is not from the defined software address.
  • the method may also include defining a set of valid processor instructions; determining whether a current processor instruction is in the defined set of valid instructions; and stopping processor operations upon determining that the current processor instruction is not in the defined set of valid instructions.
  • the present invention is directed to a method of protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules.
  • the method includes the steps of defining a range of software addresses; associating a name of an abstraction layer with the defined range of software addresses; defining a range of protected hardware addresses; and associating a name of a hardware component with the defined range of hardware addresses.
  • the abstraction layer is then specified as the only software that is permitted to access the range of hardware addresses associated with the name of the hardware component. This is followed by detecting an attempted access to a hardware address in the range of hardware addresses associated with the name of the hardware component, and determining whether the access is from a software address in the range of software addresses associated with the abstraction layer. If so, access is permitted. If not, the access is prohibited.
  • the present invention is directed to a method of protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules.
  • the method includes defining a range of software addresses; associating an abstraction layer with the defined range of software addresses; defining a range of protected hardware addresses; and associating a hardware component with the defined range of hardware addresses.
  • the abstraction layer is then specified as the only software that is permitted to access the range of hardware addresses associated with the hardware component.
  • the method determines whether the attempted access is directed to a hardware address in the range of hardware addresses associated with the hardware component.
  • the defined software address ranges are searched for a match to an instruction pointer in the attempted access. The access is prohibited if no match to the instruction pointer is found, or if a match is found in a software address range that is not associated with the abstraction layer.
  • the present invention is directed to a system for protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules.
  • the system includes a plurality of hardware components in a functional area of a processing machine.
  • the hardware components have a defined range of protected hardware addresses.
  • a memory device stores abstraction layer code having a defined range of software addresses.
  • the abstraction layer code is permitted to access the hardware addresses in the defined range of protected hardware addresses.
  • the system also includes access detecting means for detecting an attempted access to a hardware address in the defined range of protected hardware addresses, and software searching means for determining whether the attempted access is from the abstraction layer code.
  • the system also includes error generation means for prohibiting the access and generating an error message upon determining that the access is not from the abstraction layer code.
  • the present invention is directed to a method of verifying software code compliance with respect to a reference platform.
  • the method includes the steps of associating a hardware component of the reference platform with a defined range of protected hardware addresses; defining a range of software addresses allowed to access the protected hardware addresses; and executing a code portion in a computing environment associated with the reference platform. It is then determined whether any instruction of the code portion attempting to access at least one of the protected hardware addresses is not from the range of software addresses allowed to access the hardware addresses. If so, a flag is provided to indicate the attempted access by the code portion to one of the protected hardware addresses.
  • the present invention is directed to a method of protecting a defined subset of processor instructions from being executed by unauthorized software modules.
  • the method includes the steps of defining a set of authorized processor instructions; determining whether a processor instruction being accessed is in the defined set of authorized instructions; and prohibiting execution of the processor instruction upon determining that the processor instruction being accessed is not in the defined set of authorized instructions.
  • the method may also include the steps of defining a software address that is permitted to execute the defined set of authorized processor instructions;
  • FIG. 1 depicts a flow chart of the overall steps involved in the method of the present invention
  • FIG. 2 depicts a flow chart of the steps involved in an exemplary user-interface process of defining hardware addresses, software addresses, allowed accesses, and specific CPU-type instructions in accordance with the teachings of the present invention
  • FIG. 3 depicts a flow chart of the steps involved in an exemplary execution-stream process of limiting the valid CPU instructions to a defined subset of all processor instructions in accordance with the teachings of the present invention
  • FIG. 4 depicts a flow chart of the steps involved in an exemplary execution-stream process of ensuring that off-chip accesses are permitted only from defined software address ranges to defined hardware address ranges in accordance with the teachings of the present invention.
  • FIG. 5 depicts a simplified functional block diagram of the system of the present invention illustrating the functional relationships between the involved software modules and hardware components.
  • the present invention provides a method of protecting defined hardware address locations from being directly accessed by unauthorized software modules. All accesses that are not from the vendor-supplied software modules are flagged, and the simulation is stopped. If the defined hardware and software ranges are in compliance with the reference platform specification, this helps OS developers to ensure that their OS is portable across hardware platforms that conform to the reference platform specification.
  • the present invention determines whether the instruction that the access came from is from an enabled software address. If so, the access is permitted. If not, the access is denied.
  • the preferred embodiment implements this process through software. Although the process can be performed with hardware gates, such an implementation would be more limited than implementing it in software, and thus is not preferred.
  • the method first defines the hardware address ranges to be protected, the software address ranges permitted to access the defined hardware address ranges, and a subset of valid CPU instructions for the reference platform.
  • the method ensures that processor instructions are limited to instructions in the defined subset of valid CPU instructions. If an instruction is not in the defined subset, the method moves to step 13 where an error message is generated, and the simulation is stopped.
  • the method detects off-chip accesses, and at step 15 ensures that each off-chip access to a defined hardware address ranges is from a defined software address range.
  • step 16 If an off-chip access to a defined hardware address ranges is detected from a software address that is not in a defined range, the method moves to step 16 where an error message is generated, and the simulation is stopped. If all conditions are met, the simulation is continued at step 17 .
  • the access may be flagged by returning the user to the simulator prompt so that the user must take some user intervention.
  • the prohibited access may generate a high priority machine check or a fault of some sort (i.e, something other than the normal course of execution). It may also generate an entry into a log file, or it may stop the execution of the machine, and generate a fault that goes to a fault handler.
  • the user interface modification provides the user with the ability to define a set of hardware addresses and a set of software addresses, and to define which software modules may address which hardware, and what CPU instructions are valid.
  • the SAL code is permitted to access hardware that controls the memory controller, or coherency controller (CC), but no other software is allowed to access this hardware.
  • CC coherency controller
  • the first command defines a range of software addresses, and associates the name SAL with the defined range of software addresses.
  • the second command defines a range of hardware addresses, associates the name CC with the defined range of hardware addresses, and specifies SAL as the only software module permitted to access this hardware.
  • the third command defines what CPU instructions may be executed (in this case, Itanium_basic), and because there is no abstraction layer specified, all of the abstraction layers are permitted to access the Itanium_basic instruction set.
  • the third command could alternatively be written as follows:
  • This command defines that the McKinley_extended instruction set is added to the Itanium_basic instruction set, and specifies PAL as the only software module permitted to access the McKinley_extended instructions.
  • FIG. 2 depicts a flow chart of the steps involved in an exemplary user-interface process of defining hardware addresses, software addresses, allowed accesses, and specific CPU-type instructions in accordance with the teachings of the present invention.
  • the first command above is utilized to define a range of software addresses (step 21 ) and to associate an abstraction layer (for example SAL) with the defined range of software addresses (step 22 ).
  • the second command above is utilized to define the protected range of hardware addresses (step 23 ), to associate a hardware device such as the CC with the defined range of hardware addresses (step 24 ), and to specify the named abstraction layer, SAL, as the only software module permitted to access the CC hardware (step 25 ).
  • the third command above is utilized to define a subset of all CPU instructions that may be executed in accordance with the reference platform specification.
  • the present invention also makes modifications to the execution stream.
  • the execution stream modifications are made in two areas, instruction control and control of external access from the CPU.
  • the instruction control modification enables the user to limit the valid instructions to a base set which is a subset of all the instructions of the processor. If the processor executes an instruction that is not part of the defined base instructions, an error message is generated, and the simulation is stopped after the current instruction.
  • FIG. 3 depicts a flow chart of the steps involved in an exemplary execution-stream process of limiting the valid CPU instructions to a defined subset of all processor instructions in accordance with the teachings of the present invention.
  • the instruction control modification enables the user to limit the valid instructions to a base set which is the subset of all processor instructions that was defined in step 26 of FIG. 2 .
  • the process moves to step 33 where the simulation is allowed to continue. However, if the processor executes an instruction that is not part of the defined subset, an “instruction not in reference platform” error is generated at step 34 .
  • the simulation is stopped after the current instruction.
  • the second area of execution stream modifications is made in the control of external access from the CPU.
  • the external access control uses the information in the add software_address and add hardware_address commands above to ensure that only accesses from the specified software range are permitted to hardware in the specified hardware range.
  • FIG. 4 depicts a flow chart of the steps involved in an exemplary execution-stream process of ensuring that off-chip accesses are permitted only from defined software address ranges to defined hardware address ranges in accordance with the teachings of the present invention.
  • an off-chip access is detected.
  • the processor model checks all hardware address ranges that have been defined with the add hardware_address command in step 23 of FIG. 2 .
  • step 44 the software address ranges defined in step 21 of FIG. 2 are searched for a match to the instruction pointer.
  • step 45 it is determined whether a match is found, or if a found software address range has access to the defined hardware address range. If a match is found, or if a found software address range has access to the defined hardware address range, the process moves to step 46 where the simulation is allowed to continue. However, if no match is found, or if the software address range found does not have access to the hardware address range, the process moves to step 47 where the simulator generates an “out of reference platform access” error. At step 48 , the simulation is stopped at the completion of the current instruction.
  • FIG. 5 depicts a simplified functional block diagram of the system of the present invention illustrating the functional relationships between the software modules and hardware involved.
  • the invention partitions software and hardware into different address ranges and instruction sets.
  • Software for example, may be divided into third party software 51 and a series of abstraction layers that may be stored in ROM 52 .
  • the abstraction layers may be divided into a Processor Abstraction Layer (PAL) 53 , a Hardware Abstraction Layer (HAL) 54 , and a System Abstraction Layer (SAL) 55 .
  • PAL Processor Abstraction Layer
  • HAL Hardware Abstraction Layer
  • SAL System Abstraction Layer
  • Other abstraction layers may also be defined.
  • Each of the abstraction layers is stored in a different software address range.
  • the hardware is divided into functional areas, and the registers and other addressable hardware devices in each functional area are assigned an address in a different hardware address range.
  • the hardware in the coherency controller 56 may be in a particular address range.
  • the CPU instructions are divided into a basic instruction set 58 and an extended instruction set 59 .
  • a CPU known as the Itanium processor utilizes a basic instruction set, Itanium Basic.
  • a follow-on CPU known as the McKinley processor utilizes an extended instruction set, McKinley Extended. Problems can arise when sources authorized to access only the basic set of instructions, access and attempt to execute instructions in the extended instruction set. Therefore, the present invention selectively limits access to the instruction core to the basic instruction set 58 .
  • the invention prohibits direct accesses from the third party software 51 to any of the protected hardware address ranges in the coherency controller 56 , or to any of the CPU instruction sets in the instruction core 57 .
  • the third party software is only allowed to access these addresses through service routines provided by the abstraction layers, PAL 53 , HAL 54 , and SAL 55 .
  • Third party software is not allowed to execute instructions except those instructions in the Itanium_basic instruction set.
  • a third party OS may attempt to execute an instruction in the McKinley_extended instruction set 59 in the instruction core.
  • execution of the McKinley_extended instruction set is limited to code executing in a permitted abstraction layer (PAL in this example), and the access is prohibited when the processor recognizes that the execution address is not from one of the permitted abstraction layers.
  • each abstraction layer has specific hardware address ranges and instruction sets that it is permitted to access or execute.
  • the abstraction layers are all permitted to execute the basic instruction set 58 while only PAL 53 is permitted to execute the extended instruction set 59 .
  • the present invention may prohibit or permit any combination of the abstraction layers from executing any designated instruction set. Any unauthorized attempt to access a protected hardware address range, or to execute a protected instruction set is flagged. The simulator may then be stopped, and the user may be warned that he is accessing a protected address or instruction.
  • FIG. 5 illustrates a relationship in which the PAL code 53 is prohibited from accessing the coherency controller 56 , but is permitted to execute the basic instruction set 58 and the extended instruction set 59 .
  • the HAL code 54 is permitted to execute the basic instruction set 58 , but is prohibited from accessing the coherency controller 56 or executing the extended instruction set 59 .
  • the SAL code 55 is permitted to access the coherency controller 56 and to execute the basic instruction set 58 , but is prohibited from executing the extended instruction set 59 . Therefore, any off-chip access must specify the correct abstraction layer for a targeted hardware address, and any instruction execution must be from a specified software abstraction layer.
  • the present invention may also be practiced on actual hardware systems such as a PC.
  • some game manufacturers may design their game to directly access a hardware component such as the VGA card to get quicker performance.
  • the present invention may be utilized in the PC environment, or in a simulator for a PC environment, to prohibit such direct accesses to the VGA card and require that access be made through the OS.
  • the present invention may also be tunable.
  • the invention may allow a prohibited access once, but then may give a warning that no more accesses are permitted. If another prohibited access is then attempted, an error message is generated and the simulator or machine may be stopped.
  • the present invention provides the benefit that hardware revisions can be made by the manufacturer, and only the HAL, SAL, and PAL codes need to be changed.
  • the third party software is not affected since it does not access the hardware directly.
  • the invention helps these developers and operators ensure that all of the OSs are clean (i.e., have no machine-specific code in them). When all of the OSs are clean, they can be shrink-wrapped and used on any hardware platform since the OSs do not perform any hardware-specific functions. It should be apparent that any known OS (e.g., HPUX®, Linux, Windows®, Windows NT®, MacOS®, any Unix-based OS, and the like) may be verified for compliance by practicing the teachings of the present invention.

Abstract

A system and method for protecting a defined range of hardware addresses or a defined set of processor instructions from being accessed or executed by unauthorized software modules. Abstraction layer code is given a range of software addresses that are permitted to access the protected addresses or execute the instructions. Authorized accesses must utilize service routines provided by the abstraction layer code. When an attempted access to a protected hardware address is detected, it is determined whether the access is from the abstraction layer code. If so, the access is permitted. If not, the access is prohibited, and an error message is generated. A basic set of authorized processor instructions and an extended set of processor instructions may be defined for a reference platform. Execution of processor instructions in the extended set is limited to authorized abstraction layers. Otherwise, the attempted execution is prohibited, and an error message is generated.

Description

BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
The present invention generally relates to computer hardware and operating system software. More particularly, and not by way of any limitation, the present invention is directed to a system and method of limiting access by software code to protected computer hardware addresses and a predefined set of processor instructions.
2. Description of Related Art
The current method of making an operating system (OS) portable to multiple hardware platforms is to specify a set of hardware in a reference platform specification that the OS can access. The reference platform is a set of restricted hardware and hardware-vendor-supplied software modules that meet an industry standard for the minimum hardware/software required to execute an OS. The hardware vendor supplies the software modules with a standard interface to allow any OS to use them. For example, a software module known as the Processor Abstraction Layer (PAL) is responsible for initializing the processor hardware. When utilized properly, no other code is allowed to modify the processor registers that control the initialization of the processor. End users are not supposed to have access to this initialization code or to the hardware registers themselves. Other software modules such as the Hardware Abstraction Layer (HAL) and the System Abstraction Layer (SAL) are designed to provide OS isolation from other hardware in the platform.
In addition to enabling the OS provider to design an OS that operates on different platforms, the proper use of abstraction layers also enables the microprocessor manufacturer to make changes to the microprocessor while still providing compatibility with end-user software by providing the end user with new HAL code. For example, the manufacturer may change the procedures inside the processor for setting up the internal cache, clearing the TLBs, and so on without impacting the ability of end users to run their software on the platform.
The use of abstraction layers is beset with several deficiencies, however. First, developers such as OS developers may inadvertently implement pointers in their software that directly access hardware registers. Such “wild pointers” can cause problems when changes are made to the hardware, or when the OS is used on a different platform. If the OS includes machine-specific code, that code will not execute correctly if the hardware is modified or if the OS is run on a new hardware platform. There is currently no mechanism to identify inadvertent machine-specific code in an OS.
Secondly, in the PC environment, third party software vendors such as game manufacturers may intentionally implement software that directly accesses restricted hardware such as the VGA video card in order to enhance the performance of their games. Ideally, the game manufacturers should use service routines provided by the OS, and the OS should then access the video card. However, there is currently no mechanism to identify software that intentionally accesses restricted hardware.
Thirdly, a mechanism is needed to restrict access to the instruction core, from any source, to a predefined set of instructions related to the particular CPU type (e.g., the CPU's basic instruction set). In a CPU family, there may be follow-on CPUs that build upon a basic set of CPU instructions with extensions to the basic set. Problems can arise when sources authorized to access the basic set of instructions access the extended instruction set. It should be appreciated that a solution to the aforementioned deficiencies would be highly desirable.
SUMMARY OF THE INVENTION
Accordingly, the present invention advantageously provides a method of protecting a defined hardware address from being directly accessed by unauthorized software modules. The method includes the steps of defining a protected hardware address; defining a software address that is permitted to access the protected hardware address; and detecting an attempted access to the protected hardware address. This is followed by determining whether the access is from the defined software address; permitting the access upon determining that the access is from the defined software address; and prohibiting the access upon determining that the access is not from the defined software address. The method may also include defining a set of valid processor instructions; determining whether a current processor instruction is in the defined set of valid instructions; and stopping processor operations upon determining that the current processor instruction is not in the defined set of valid instructions.
In a further aspect, the present invention is directed to a method of protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules. The method includes the steps of defining a range of software addresses; associating a name of an abstraction layer with the defined range of software addresses; defining a range of protected hardware addresses; and associating a name of a hardware component with the defined range of hardware addresses. The abstraction layer is then specified as the only software that is permitted to access the range of hardware addresses associated with the name of the hardware component. This is followed by detecting an attempted access to a hardware address in the range of hardware addresses associated with the name of the hardware component, and determining whether the access is from a software address in the range of software addresses associated with the abstraction layer. If so, access is permitted. If not, the access is prohibited.
In a still further aspect, the present invention is directed to a method of protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules. The method includes defining a range of software addresses; associating an abstraction layer with the defined range of software addresses; defining a range of protected hardware addresses; and associating a hardware component with the defined range of hardware addresses. The abstraction layer is then specified as the only software that is permitted to access the range of hardware addresses associated with the hardware component. When an attempted access to a hardware address is detected, the method determines whether the attempted access is directed to a hardware address in the range of hardware addresses associated with the hardware component. Upon determining that the attempted access is directed to a hardware address in the range of hardware addresses associated with the hardware component, the defined software address ranges are searched for a match to an instruction pointer in the attempted access. The access is prohibited if no match to the instruction pointer is found, or if a match is found in a software address range that is not associated with the abstraction layer.
In yet another aspect, the present invention is directed to a system for protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules. The system includes a plurality of hardware components in a functional area of a processing machine. The hardware components have a defined range of protected hardware addresses. A memory device stores abstraction layer code having a defined range of software addresses. The abstraction layer code is permitted to access the hardware addresses in the defined range of protected hardware addresses. The system also includes access detecting means for detecting an attempted access to a hardware address in the defined range of protected hardware addresses, and software searching means for determining whether the attempted access is from the abstraction layer code. The system also includes error generation means for prohibiting the access and generating an error message upon determining that the access is not from the abstraction layer code.
In still yet another aspect, the present invention is directed to a method of verifying software code compliance with respect to a reference platform. The method includes the steps of associating a hardware component of the reference platform with a defined range of protected hardware addresses; defining a range of software addresses allowed to access the protected hardware addresses; and executing a code portion in a computing environment associated with the reference platform. It is then determined whether any instruction of the code portion attempting to access at least one of the protected hardware addresses is not from the range of software addresses allowed to access the hardware addresses. If so, a flag is provided to indicate the attempted access by the code portion to one of the protected hardware addresses.
In yet another aspect, the present invention is directed to a method of protecting a defined subset of processor instructions from being executed by unauthorized software modules. The method includes the steps of defining a set of authorized processor instructions; determining whether a processor instruction being accessed is in the defined set of authorized instructions; and prohibiting execution of the processor instruction upon determining that the processor instruction being accessed is not in the defined set of authorized instructions. The method may also include the steps of defining a software address that is permitted to execute the defined set of authorized processor instructions;
determining whether an attempted execution of an instruction in the defined set of authorized processor instructions is from the defined software address; permitting execution of the instruction in the defined set of authorized processor instructions upon determining that the attempted execution is from the defined software address; and prohibiting execution of the instruction in the defined set of authorized processor instructions upon determining that the attempted execution is not from the defined software address.
BRIEF DESCRIPTION OF THE DRAWINGS
A more complete understanding of the present invention may be had by reference to the following Detailed Description when taken in conjunction with the accompanying drawings wherein:
FIG. 1 depicts a flow chart of the overall steps involved in the method of the present invention;
FIG. 2 depicts a flow chart of the steps involved in an exemplary user-interface process of defining hardware addresses, software addresses, allowed accesses, and specific CPU-type instructions in accordance with the teachings of the present invention;
FIG. 3 depicts a flow chart of the steps involved in an exemplary execution-stream process of limiting the valid CPU instructions to a defined subset of all processor instructions in accordance with the teachings of the present invention;
FIG. 4 depicts a flow chart of the steps involved in an exemplary execution-stream process of ensuring that off-chip accesses are permitted only from defined software address ranges to defined hardware address ranges in accordance with the teachings of the present invention; and
FIG. 5 depicts a simplified functional block diagram of the system of the present invention illustrating the functional relationships between the involved software modules and hardware components.
 DETAILED DESCRIPTION OF THE DRAWINGS
In the drawings, like or similar elements are designated with identical reference numerals throughout the several views thereof, and the various elements depicted are not necessarily drawn to scale. The preferred embodiment of the present invention is described herein in the context of modifications to a simulator that is capable of modeling a reference platform. It should be appreciated that oftentimes the hardware development of a particular platform may not have advanced far enough to allow debug testing of the software code targeted for that platform. Typically, an architectural simulator is utilized in such instances. The simulator, which is operable to simulate a target hardware platform, can “execute” a particular piece of software intended for the target hardware as if it were run on the actual machine itself. It should be readily apparent to those skilled in the art, however, that the present invention may be advantageously practiced on actual hardware systems as well.
The present invention provides a method of protecting defined hardware address locations from being directly accessed by unauthorized software modules. All accesses that are not from the vendor-supplied software modules are flagged, and the simulation is stopped. If the defined hardware and software ranges are in compliance with the reference platform specification, this helps OS developers to ensure that their OS is portable across hardware platforms that conform to the reference platform specification.
Generically, then, if a software access is directed to a particular hardware address, the present invention determines whether the instruction that the access came from is from an enabled software address. If so, the access is permitted. If not, the access is denied. The preferred embodiment implements this process through software. Although the process can be performed with hardware gates, such an implementation would be more limited than implementing it in software, and thus is not preferred.
Referring now to FIG. 1, depicted therein is a flow chart of the overall steps involved in the method of the present invention. At step 11, the method first defines the hardware address ranges to be protected, the software address ranges permitted to access the defined hardware address ranges, and a subset of valid CPU instructions for the reference platform. At step 12, the method ensures that processor instructions are limited to instructions in the defined subset of valid CPU instructions. If an instruction is not in the defined subset, the method moves to step 13 where an error message is generated, and the simulation is stopped. At step 14, the method detects off-chip accesses, and at step 15 ensures that each off-chip access to a defined hardware address ranges is from a defined software address range. If an off-chip access to a defined hardware address ranges is detected from a software address that is not in a defined range, the method moves to step 16 where an error message is generated, and the simulation is stopped. If all conditions are met, the simulation is continued at step 17.
In the simulator environment, when a prohibited access is attempted, the access may be flagged by returning the user to the simulator prompt so that the user must take some user intervention. In a hardware implementation, the prohibited access may generate a high priority machine check or a fault of some sort (i.e, something other than the normal course of execution). It may also generate an entry into a log file, or it may stop the execution of the machine, and generate a fault that goes to a fault handler.
To implement the present invention, modifications are made to the reference platform simulator in two areas: the user interface and the execution stream. The user interface modification provides the user with the ability to define a set of hardware addresses and a set of software addresses, and to define which software modules may address which hardware, and what CPU instructions are valid. In one example, the SAL code is permitted to access hardware that controls the memory controller, or coherency controller (CC), but no other software is allowed to access this hardware. Three exemplary commands to implement such a relationship in a simulator are:
add software_address SAL 0xFE00000000 0xFFFFFFFFFFF
add hardware_address CC 0xF00000000 0xF100000000 SAL
add cpu_type Itanium_basic
The first command defines a range of software addresses, and associates the name SAL with the defined range of software addresses. The second command defines a range of hardware addresses, associates the name CC with the defined range of hardware addresses, and specifies SAL as the only software module permitted to access this hardware. The third command defines what CPU instructions may be executed (in this case, Itanium_basic), and because there is no abstraction layer specified, all of the abstraction layers are permitted to access the Itanium_basic instruction set. The third command could alternatively be written as follows:
add cpu_type McKinley_extended PAL
This command defines that the McKinley_extended instruction set is added to the Itanium_basic instruction set, and specifies PAL as the only software module permitted to access the McKinley_extended instructions.
FIG. 2 depicts a flow chart of the steps involved in an exemplary user-interface process of defining hardware addresses, software addresses, allowed accesses, and specific CPU-type instructions in accordance with the teachings of the present invention. At steps 21 and 22, the first command above is utilized to define a range of software addresses (step 21) and to associate an abstraction layer (for example SAL) with the defined range of software addresses (step 22). At steps 2325, the second command above is utilized to define the protected range of hardware addresses (step 23), to associate a hardware device such as the CC with the defined range of hardware addresses (step 24), and to specify the named abstraction layer, SAL, as the only software module permitted to access the CC hardware (step 25). At step 26, the third command above is utilized to define a subset of all CPU instructions that may be executed in accordance with the reference platform specification.
As noted above, in addition to the user interface modifications, the present invention also makes modifications to the execution stream. The execution stream modifications are made in two areas, instruction control and control of external access from the CPU. The instruction control modification enables the user to limit the valid instructions to a base set which is a subset of all the instructions of the processor. If the processor executes an instruction that is not part of the defined base instructions, an error message is generated, and the simulation is stopped after the current instruction.
FIG. 3 depicts a flow chart of the steps involved in an exemplary execution-stream process of limiting the valid CPU instructions to a defined subset of all processor instructions in accordance with the teachings of the present invention. At step 31, the instruction control modification enables the user to limit the valid instructions to a base set which is the subset of all processor instructions that was defined in step 26 of FIG. 2. At step 32, whenever the processor executes an instruction that is part of the defined subset of instructions, the process moves to step 33 where the simulation is allowed to continue. However, if the processor executes an instruction that is not part of the defined subset, an “instruction not in reference platform” error is generated at step 34. At step 35, the simulation is stopped after the current instruction.
The second area of execution stream modifications is made in the control of external access from the CPU. The external access control uses the information in the add software_address and add hardware_address commands above to ensure that only accesses from the specified software range are permitted to hardware in the specified hardware range.
FIG. 4 depicts a flow chart of the steps involved in an exemplary execution-stream process of ensuring that off-chip accesses are permitted only from defined software address ranges to defined hardware address ranges in accordance with the teachings of the present invention. At step 41, an off-chip access is detected. At step 42, the processor model checks all hardware address ranges that have been defined with the add hardware_address command in step 23 of FIG. 2. At step 43, it is determined whether the off-chip access is made to an address in a defined hardware address range. If not, the address is not a protected address, and the process moves to step 46 where the simulation is allowed to continue. However, if the off-chip access is made to an address in a defined hardware address range, the process moves to step 44 where the software address ranges defined in step 21 of FIG. 2 are searched for a match to the instruction pointer. At step 45, it is determined whether a match is found, or if a found software address range has access to the defined hardware address range. If a match is found, or if a found software address range has access to the defined hardware address range, the process moves to step 46 where the simulation is allowed to continue. However, if no match is found, or if the software address range found does not have access to the hardware address range, the process moves to step 47 where the simulator generates an “out of reference platform access” error. At step 48, the simulation is stopped at the completion of the current instruction.
FIG. 5 depicts a simplified functional block diagram of the system of the present invention illustrating the functional relationships between the software modules and hardware involved. The invention partitions software and hardware into different address ranges and instruction sets. Software, for example, may be divided into third party software 51 and a series of abstraction layers that may be stored in ROM 52. The abstraction layers may be divided into a Processor Abstraction Layer (PAL) 53, a Hardware Abstraction Layer (HAL) 54, and a System Abstraction Layer (SAL) 55. Other abstraction layers may also be defined. Each of the abstraction layers is stored in a different software address range.
Likewise, the hardware is divided into functional areas, and the registers and other addressable hardware devices in each functional area are assigned an address in a different hardware address range. For example, the hardware in the coherency controller 56 may be in a particular address range. Within the instruction core 57, the CPU instructions are divided into a basic instruction set 58 and an extended instruction set 59. In a CPU family, there may be follow-on CPUs that build upon a basic set of CPU instructions with extensions to the basic set. For instance, in a presently preferred exemplary embodiment of the present invention, a CPU known as the Itanium processor utilizes a basic instruction set, Itanium Basic. A follow-on CPU known as the McKinley processor utilizes an extended instruction set, McKinley Extended. Problems can arise when sources authorized to access only the basic set of instructions, access and attempt to execute instructions in the extended instruction set. Therefore, the present invention selectively limits access to the instruction core to the basic instruction set 58.
The invention prohibits direct accesses from the third party software 51 to any of the protected hardware address ranges in the coherency controller 56, or to any of the CPU instruction sets in the instruction core 57. The third party software is only allowed to access these addresses through service routines provided by the abstraction layers, PAL 53, HAL 54, and SAL 55. Third party software is not allowed to execute instructions except those instructions in the Itanium_basic instruction set. For example, a third party OS may attempt to execute an instruction in the McKinley_extended instruction set 59 in the instruction core. However, as shown in FIG. 5, execution of the McKinley_extended instruction set is limited to code executing in a permitted abstraction layer (PAL in this example), and the access is prohibited when the processor recognizes that the execution address is not from one of the permitted abstraction layers.
Thus, each abstraction layer has specific hardware address ranges and instruction sets that it is permitted to access or execute. In the example illustrated in FIG. 5, the abstraction layers are all permitted to execute the basic instruction set 58 while only PAL 53 is permitted to execute the extended instruction set 59. It should be recognized by those skilled in the art, however, that the present invention may prohibit or permit any combination of the abstraction layers from executing any designated instruction set. Any unauthorized attempt to access a protected hardware address range, or to execute a protected instruction set is flagged. The simulator may then be stopped, and the user may be warned that he is accessing a protected address or instruction.
FIG. 5 illustrates a relationship in which the PAL code 53 is prohibited from accessing the coherency controller 56, but is permitted to execute the basic instruction set 58 and the extended instruction set 59. The HAL code 54 is permitted to execute the basic instruction set 58, but is prohibited from accessing the coherency controller 56 or executing the extended instruction set 59. The SAL code 55 is permitted to access the coherency controller 56 and to execute the basic instruction set 58, but is prohibited from executing the extended instruction set 59. Therefore, any off-chip access must specify the correct abstraction layer for a targeted hardware address, and any instruction execution must be from a specified software abstraction layer.
As noted above, although the preferred embodiment of the present invention is described herein in terms of modifications to a reference platform simulator, the present invention may also be practiced on actual hardware systems such as a PC. In the PC environment, some game manufacturers may design their game to directly access a hardware component such as the VGA card to get quicker performance. The present invention may be utilized in the PC environment, or in a simulator for a PC environment, to prohibit such direct accesses to the VGA card and require that access be made through the OS.
The present invention may also be tunable. For example, the invention may allow a prohibited access once, but then may give a warning that no more accesses are permitted. If another prohibited access is then attempted, an error message is generated and the simulator or machine may be stopped.
The present invention provides the benefit that hardware revisions can be made by the manufacturer, and only the HAL, SAL, and PAL codes need to be changed. The third party software is not affected since it does not access the hardware directly. An additional benefit accrues for OS developers and the developers and operators of simulators that run multiple OSs. The invention helps these developers and operators ensure that all of the OSs are clean (i.e., have no machine-specific code in them). When all of the OSs are clean, they can be shrink-wrapped and used on any hardware platform since the OSs do not perform any hardware-specific functions. It should be apparent that any known OS (e.g., HPUX®, Linux, Windows®, Windows NT®, MacOS®, any Unix-based OS, and the like) may be verified for compliance by practicing the teachings of the present invention.
Further, it is believed that the operation and construction of the present invention will be apparent from the foregoing Detailed Description. While the system and method shown and described have been characterized as being preferred, it should be readily understood that various changes and modifications could be made therein without departing from the scope of the present invention as set forth in the following claims. For example, while the teachings of the present invention have been particularly exemplified within the context of a simulator that is capable of modeling a reference platform, those skilled in the art will recognize that the present invention may be practiced in conjunction with actual hardware platforms as well. Also, whereas the use of specific commands has been described in reference to the presently preferred exemplary embodiment of the present invention, such command implementations are merely illustrative. Accordingly, all such modifications, extensions, variations, amendments, additions, deletions, combinations, and the like are deemed to be within the ambit of the present invention whose scope is defined solely by the claims set forth hereinbelow.

Claims (21)

1. A computer implemented method of protecting a defined hardware address from being directly accessed by unauthorized software modules, said method comprising:
defining a range of software addresses associated with a particular abstraction layer that is permitted to access a defined range of hardware addresses and storing said defined range of software and hardware addresses on the hardware component storage;
detecting an attempted access to one of the defined hardware addresses;
determining whether the access is from the defined software address range;
permitting the access upon determining that the access is from the defined software address range; and
prohibiting the access upon determining that the access is not from the defined software address range.
2. The method of protecting a defined hardware address of claim 1 wherein the method is practiced on a hardware simulator, and the prohibiting the access includes:
generating an error message to a user; and
stopping the simulator after a current instruction is completed.
3. The method of protecting a defined hardware address of claim 1 wherein the method is practiced on an actual hardware machine, and the prohibiting the access includes:
generating a high priority machine check;
stopping the machine; and
generating a fault that goes to a fault handler.
4. The method of protecting a defined hardware address of claim 1 further comprising:
defining a set of authorized processor instructions;
determining whether a processor instruction being accessed is in the defined set of authorized instructions; and
stopping processor operations upon determining that the processor instruction being accessed is not in the defined set of authorized instructions.
5. The method of protecting a defined hardware address of claim 4 wherein the defining a set of authorized processor instructions includes defining a set of processor instructions that are a subset of all processor instructions.
6. The method of protecting a defined hardware address of claim 5 wherein the subset of all processor instructions form a set of authorized valid processor instructions for a reference platform.
7. A method of protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules, said method comprising:
defining a range of software addresses associated with a particular abstraction layer that is permitted to access a defined range of hardware addresses, wherein the defined range of hardware addresses is identified with a hardware component;
specifying the particular abstraction layer as the only software that is permitted to access the range of hardware addresses associated with the hardware component;
detecting an attempted access to a hardware address in the range of hardware addresses associated with the hardware component;
determining whether the access is from a software address in the range of software addresses associated with the particular abstraction layer;
permitting the access upon determining that the access is from a software address in the range of software addresses associated with the particular abstraction layer; and
prohibiting the access upon determining that the access is not from a software address in the range of software addresses associated with the particular abstraction layer.
8. The method of protecting a defined range of hardware addresses of claim 7 further comprising:
defining a set of authorized processor instructions;
determining whether a processor instruction being accessed is in the defined set of authorized instructions; and
stopping processor operations upon determining that the processor instruction being accessed is not in the defined set of authorized instructions.
9. A method of protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules, said method comprising:
defining a range of software addresses associated with a particular abstraction layer that is permitted to access a defined range of hardware address, wherein the defined range of hardware addresses is identified with a hardware component;
specifying the particular abstraction layer as the only software that is permitted to access the range of hardware addresses associated with the hardware component;
detecting an attempted access to a hardware address;
determining whether the attempted access is directed to a hardware address in the range of hardware addresses associated with the hardware component;
upon determining that the attempted access is directed to a hardware address in the range of hardware addresses associated with the hardware component, searching the defined software address ranges for a match to an instruction pointer in the attempted access; and
prohibiting the access if no match to the instruction pointer is found.
10. The method of protecting a defined range of hardware addresses of claim 9 further comprising prohibiting the access if a match to the instruction pointer is found in a software address range that is not associated with the particular abstraction layer.
11. The method of protecting a defined range of hardware addresses of claim 9 further comprising:
defining a set of authorized processor instructions;
determining whether a processor instruction being accessed is in the defined set of authorized instructions; and
stopping processor operations upon determining that the processor instruction being accessed is not in the defined set of authorized instructions.
12. A system for protecting a defined range of hardware addresses from being directly accessed by unauthorized software modules, said system comprising:
a plurality of hardware components in a functional area of a processing machine, said hardware components having a defined range of hardware addresses;
a module with a particular abstraction layer code having a defined range of software addresses, said particular abstraction layer code being permitted to access the hardware addresses in the defined range of hardware addresses;
access detecting means for detecting an attempted access to a hardware address in the defined range of hardware addresses;
software searching means for determining whether the attempted access is from the particular abstraction layer code; and
error generation means for prohibiting the access and generating an error message upon determining that the access is not from the particular abstraction layer code.
13. A method of verifying software code compliance with respect to a reference platform, comprising:
associating a hardware component of the reference platform with a defined range of hardware addresses;
defining a range of software addresses associated with a particular abstraction layer that is allowed to access the defined range of hardware addresses;
executing a code portion in a computing environment associated with the reference platform;
determining whether any instruction of the code portion attempting to access at least one of the protected hardware addresses is not from the range of software addresses allowed to access the hardware addresses; and
in response to determining that an instruction of the code portion attempting to access at least one of the protected hardware addresses is not from the range of software addresses allowed to access the hardware addresses, providing a flag to indicate the attempted access by the code portion to one of the protected hardware addresses.
14. The method of claim 13 wherein the computing environment comprises an architectural simulator.
15. The method of claim 14 wherein the code portion comprises an operating system.
16. The method of claim 14 wherein the code portion comprises application software.
17. The method of claim 16 wherein the application software comprises computer game software.
18. A computer implemented method of protecting a defined subset of processor instructions from being executed by unauthorized software modules, said method comprising:
defining a set of processor instructions that are allowed to be accessed by at least one particular abstraction layer;
defining a range of software addresses permitted to execute the defined set of processor instructions, the software addresses being associated with the at least one particular abstraction layer and storing said defined range of software and hardware addresses on the hardware component storage;
determining whether an attempted execution of an instruction in the defined set of processor instructions is from a defined software address;
permitting execution of the instruction in the defined set of processor instructions upon determining that the attempted execution is from the defined software address; and
prohibiting execution of the instruction in the defined set of processor instructions upon determining that the attempted execution is not from the defined software address.
19. The method of protecting a defined subset of processor instructions of claim 18 wherein the defining a set of processor instructions includes defining a set of processor instructions that are a subset of all processor instructions.
20. The method of protecting a defined subset of processor instructions of claim 19 wherein the subset of all processor instructions form a set of authorized valid processor instructions for a reference platform.
21. The method of protecting a defined subset of processor instructions of claim 18 further comprising:
defining a software address that is permitted to execute the defined set of processor instructions, the software address being associated with the at least one particular abstraction layer;
determining whether an attempted execution of an instruction in the defined set of processor instructions is from the defined software address;
permitting execution of the instruction in the defined set of processor instructions upon determining that the attempted execution is from the defined software address; and
prohibiting execution of the instruction in the defined set of processor instructions upon determining that the attempted execution is not from the defined software address.
US09/971,327 2001-10-04 2001-10-04 System and method of limiting access to protected hardware addresses and processor instructions Expired - Fee Related US7162743B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/971,327 US7162743B1 (en) 2001-10-04 2001-10-04 System and method of limiting access to protected hardware addresses and processor instructions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/971,327 US7162743B1 (en) 2001-10-04 2001-10-04 System and method of limiting access to protected hardware addresses and processor instructions

Publications (1)

Publication Number Publication Date
US7162743B1 true US7162743B1 (en) 2007-01-09

Family

ID=37633608

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/971,327 Expired - Fee Related US7162743B1 (en) 2001-10-04 2001-10-04 System and method of limiting access to protected hardware addresses and processor instructions

Country Status (1)

Country Link
US (1) US7162743B1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7334163B1 (en) * 2004-06-16 2008-02-19 Symantec Corporation Duplicating handles of target processes without having debug privileges
US20090165081A1 (en) * 2007-12-21 2009-06-25 Samsung Electronics Co., Ltd. Trusted multi-stakeholder environment
US20160048390A1 (en) * 2014-08-14 2016-02-18 Freescale Semiconductor, Inc. Method for automated managing of the usage of alternative code and a processing system of operating thereof
US10379888B2 (en) * 2007-03-30 2019-08-13 Intel Corporation Adaptive integrity verification of software and authorization of memory access
WO2023173915A1 (en) * 2022-03-17 2023-09-21 华为技术有限公司 Resource control method and apparatus

Citations (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4313161A (en) * 1979-11-13 1982-01-26 International Business Machines Corporation Shared storage for multiple processor systems
US4513174A (en) * 1981-03-19 1985-04-23 Standard Microsystems Corporation Software security method using partial fabrication of proprietary control word decoders and microinstruction memories
US4652998A (en) * 1984-01-04 1987-03-24 Bally Manufacturing Corporation Video gaming system with pool prize structures
US5210850A (en) * 1990-06-15 1993-05-11 Compaq Computer Corporation Memory address space determination using programmable limit registers with single-ended comparators
US5452431A (en) * 1991-10-30 1995-09-19 U.S. Philips Corporation Microcircuit for a chip card comprising a protected programmable memory
US5685011A (en) * 1995-05-15 1997-11-04 Nvidia Corporation Apparatus for handling failures to provide a safe address translation in an improved input/output architecture for a computer system
US5851149A (en) * 1995-05-25 1998-12-22 Tech Link International Entertainment Ltd. Distributed gaming system
US5878258A (en) * 1996-05-06 1999-03-02 Merrill Lynch, Pierce, Fenner & Smith Seamless application interface manager
US5887169A (en) * 1996-03-15 1999-03-23 Compaq Computer Corporation Method and apparatus for providing dynamic entry points into a software layer
US5987557A (en) * 1997-06-19 1999-11-16 Sun Microsystems, Inc. Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU)
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system
US6047388A (en) * 1997-04-09 2000-04-04 International Business Machines Corporation Method and apparatus for processing an invalid address request
US6175916B1 (en) * 1997-05-06 2001-01-16 Microsoft Corporation Common-thread inter-process function calls invoked by jumps to invalid addresses
US6269409B1 (en) * 1997-09-02 2001-07-31 Lsi Logic Corporation Method and apparatus for concurrent execution of operating systems
US20010044891A1 (en) * 2000-01-14 2001-11-22 Mcgrath Kevin J Establishing an operating mode in a processor
US6412070B1 (en) * 1998-09-21 2002-06-25 Microsoft Corporation Extensible security system and method for controlling access to objects in a computing environment
US20020109726A1 (en) * 2000-12-20 2002-08-15 Rogers Steven W. System and method for accessing registers of a hardware device in a graphical program
US20020147870A1 (en) * 2001-01-30 2002-10-10 Rahul Khanna Method for creating a communication-channel for bus communication
US6470395B1 (en) * 1998-10-21 2002-10-22 Alcatel Method to impose execution of a predefined command, first terminal and second terminal realizing such a method and a communication network including such a first terminal and such a second terminal
US6477612B1 (en) * 2000-02-08 2002-11-05 Microsoft Corporation Providing access to physical memory allocated to a process by selectively mapping pages of the physical memory with virtual memory allocated to the process
US20030033594A1 (en) * 2001-01-29 2003-02-13 Matt Bowen System, method and article of manufacture for parameterized expression libraries
US20030110307A1 (en) * 1996-11-08 2003-06-12 Mario E. De Armas Method and apparatus for software technology injection for operating systems which assign separate process address spaces
US6587947B1 (en) * 1999-04-01 2003-07-01 Intel Corporation System and method for verification of off-chip processor code
US6604123B1 (en) * 1999-02-23 2003-08-05 Lucent Technologies Inc. Operating system transfer of control and parameter manipulation using portals
US6625603B1 (en) * 1998-09-21 2003-09-23 Microsoft Corporation Object type specific access control
US20040103305A1 (en) * 1995-02-13 2004-05-27 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6763327B1 (en) * 2000-02-17 2004-07-13 Tensilica, Inc. Abstraction of configurable processor functionality for operating systems portability
US20040181801A1 (en) * 2000-12-28 2004-09-16 David Hagen Interactive television for promoting goods and services
US20040225805A1 (en) * 2000-12-27 2004-11-11 Anil Vasudevan Network based intra-system communications architecture
US20050041032A1 (en) * 2001-01-16 2005-02-24 Microsoft Corporation System and method for optimizing a graphics intensive software program for the user's graphics hardware
US6889258B1 (en) * 1999-03-04 2005-05-03 Webtv Networks, Inc. Automatic compiling of address filter information

Patent Citations (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4313161A (en) * 1979-11-13 1982-01-26 International Business Machines Corporation Shared storage for multiple processor systems
US4513174A (en) * 1981-03-19 1985-04-23 Standard Microsystems Corporation Software security method using partial fabrication of proprietary control word decoders and microinstruction memories
US4652998A (en) * 1984-01-04 1987-03-24 Bally Manufacturing Corporation Video gaming system with pool prize structures
US5210850A (en) * 1990-06-15 1993-05-11 Compaq Computer Corporation Memory address space determination using programmable limit registers with single-ended comparators
US5452431A (en) * 1991-10-30 1995-09-19 U.S. Philips Corporation Microcircuit for a chip card comprising a protected programmable memory
US20040103305A1 (en) * 1995-02-13 2004-05-27 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5685011A (en) * 1995-05-15 1997-11-04 Nvidia Corporation Apparatus for handling failures to provide a safe address translation in an improved input/output architecture for a computer system
US5851149A (en) * 1995-05-25 1998-12-22 Tech Link International Entertainment Ltd. Distributed gaming system
US6006328A (en) * 1995-07-14 1999-12-21 Christopher N. Drake Computer software authentication, protection, and security system
US5887169A (en) * 1996-03-15 1999-03-23 Compaq Computer Corporation Method and apparatus for providing dynamic entry points into a software layer
US5878258A (en) * 1996-05-06 1999-03-02 Merrill Lynch, Pierce, Fenner & Smith Seamless application interface manager
US20030110307A1 (en) * 1996-11-08 2003-06-12 Mario E. De Armas Method and apparatus for software technology injection for operating systems which assign separate process address spaces
US6047388A (en) * 1997-04-09 2000-04-04 International Business Machines Corporation Method and apparatus for processing an invalid address request
US6175916B1 (en) * 1997-05-06 2001-01-16 Microsoft Corporation Common-thread inter-process function calls invoked by jumps to invalid addresses
US5987557A (en) * 1997-06-19 1999-11-16 Sun Microsystems, Inc. Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU)
US6269409B1 (en) * 1997-09-02 2001-07-31 Lsi Logic Corporation Method and apparatus for concurrent execution of operating systems
US6412070B1 (en) * 1998-09-21 2002-06-25 Microsoft Corporation Extensible security system and method for controlling access to objects in a computing environment
US6625603B1 (en) * 1998-09-21 2003-09-23 Microsoft Corporation Object type specific access control
US6470395B1 (en) * 1998-10-21 2002-10-22 Alcatel Method to impose execution of a predefined command, first terminal and second terminal realizing such a method and a communication network including such a first terminal and such a second terminal
US6604123B1 (en) * 1999-02-23 2003-08-05 Lucent Technologies Inc. Operating system transfer of control and parameter manipulation using portals
US6889258B1 (en) * 1999-03-04 2005-05-03 Webtv Networks, Inc. Automatic compiling of address filter information
US6587947B1 (en) * 1999-04-01 2003-07-01 Intel Corporation System and method for verification of off-chip processor code
US20010044891A1 (en) * 2000-01-14 2001-11-22 Mcgrath Kevin J Establishing an operating mode in a processor
US6477612B1 (en) * 2000-02-08 2002-11-05 Microsoft Corporation Providing access to physical memory allocated to a process by selectively mapping pages of the physical memory with virtual memory allocated to the process
US6763327B1 (en) * 2000-02-17 2004-07-13 Tensilica, Inc. Abstraction of configurable processor functionality for operating systems portability
US20020109726A1 (en) * 2000-12-20 2002-08-15 Rogers Steven W. System and method for accessing registers of a hardware device in a graphical program
US20040225805A1 (en) * 2000-12-27 2004-11-11 Anil Vasudevan Network based intra-system communications architecture
US20040181801A1 (en) * 2000-12-28 2004-09-16 David Hagen Interactive television for promoting goods and services
US20050041032A1 (en) * 2001-01-16 2005-02-24 Microsoft Corporation System and method for optimizing a graphics intensive software program for the user's graphics hardware
US20030033594A1 (en) * 2001-01-29 2003-02-13 Matt Bowen System, method and article of manufacture for parameterized expression libraries
US20020147870A1 (en) * 2001-01-30 2002-10-10 Rahul Khanna Method for creating a communication-channel for bus communication

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7334163B1 (en) * 2004-06-16 2008-02-19 Symantec Corporation Duplicating handles of target processes without having debug privileges
US10379888B2 (en) * 2007-03-30 2019-08-13 Intel Corporation Adaptive integrity verification of software and authorization of memory access
US20090165081A1 (en) * 2007-12-21 2009-06-25 Samsung Electronics Co., Ltd. Trusted multi-stakeholder environment
US8752130B2 (en) * 2007-12-21 2014-06-10 Samsung Electronics Co., Ltd. Trusted multi-stakeholder environment
US20160048390A1 (en) * 2014-08-14 2016-02-18 Freescale Semiconductor, Inc. Method for automated managing of the usage of alternative code and a processing system of operating thereof
US9430230B2 (en) * 2014-08-14 2016-08-30 Freescale Semiconductor, Inc. Method for automated managing of the usage of alternative code and a processing system of operating thereof
WO2023173915A1 (en) * 2022-03-17 2023-09-21 华为技术有限公司 Resource control method and apparatus

Similar Documents

Publication Publication Date Title
US7058768B2 (en) Memory isolation through address translation data edit control
JP4759059B2 (en) Page coloring that maps memory pages to programs
US20070067590A1 (en) Providing protected access to critical memory regions
US20070079090A1 (en) Validating a memory type modification attempt
JP2004530979A (en) Method and apparatus for protecting a portion of a memory
JP2010511227A (en) Compile executable code into unreliable address space
KR20130036189A (en) Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag
JP6370098B2 (en) Information processing apparatus, information processing monitoring method, program, and recording medium
US20060129880A1 (en) Method and system for injecting faults into a software application
US11797398B2 (en) Systems and methods for checking safety properties
US6237137B1 (en) Method and system for preventing unauthorized access to a computer program
EP3864555B1 (en) Verifying a stack pointer
US9176821B2 (en) Watchpoint support system for functional simulator
US6725345B2 (en) Object-oriented program with a memory accessing function
US7162743B1 (en) System and method of limiting access to protected hardware addresses and processor instructions
US8612720B2 (en) System and method for implementing data breakpoints
US11216280B2 (en) Exception interception
CN114741740A (en) Physical memory protection method, system and related equipment based on RISC-V
KR20230101826A (en) Techniques for restricting access to memory using capabilities
KR20230017832A (en) TAG checking device and method
CN111143851A (en) Detection method and system suitable for leakage of kernel object address of operating system
CA2543588A1 (en) System for selectively enabling operating modes of a device
WO2023209323A1 (en) Exception return state lock parameter
TW202343257A (en) Memory management
Zhang et al. Formal Verification of Interrupt Isolation for the TrustZone-based TEE

Legal Events

Date Code Title Description
AS Assignment

Owner name: HEWLETT-PACKARD COMPANY, COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BOLDING, JOE;TORMEY, DAN;REEL/FRAME:012652/0178

Effective date: 20011003

AS Assignment

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD COMPANY;REEL/FRAME:014061/0492

Effective date: 20030926

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P.,TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD COMPANY;REEL/FRAME:014061/0492

Effective date: 20030926

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20150109